With detections backed by the elite Sysdig Threat Research Team, Falco Feeds equips organizations to easily scale Falco and stay ahead of cloud threats

KubeCon CloudNativeCon North America - Sysdig today announced the launch of Falco Feeds by Sysdig, a continuously evolving and curated set of Falco detections. With over 130 million downloads, open source Falco has set the standard for runtime threat detection in the cloud, and Falco Feeds extends its power and utility. Backed by the Sysdig Threat Research Team (TRT), a dedicated group of threat researchers on the leading edge of emerging cloud risks and vulnerabilities, Falco Feeds gives open source-focused companies access to expert-written rules that continue to be updated as new threats are discovered.

"Falco, similar to a network of security cameras, provides unmatched real-time threat detection, monitoring, and observability across cloud infrastructures," said Loris Degioanni, Founder and CTO of Sysdig, Co-Creator of Falco. "However, open source software involves an inherently self-managed process. The average company doesn't have the resources to constantly add new rules, nor do they have a threat research team on the cutting edge of the ever-evolving threat landscape."

Scaling Open Source Security and Compliance with Falco Feeds by Sysdig

The Sysdig TRT, the world-renowned group behind cloud-native threat operation discoveries such as LLMjacking and SCARLETEEL, provides timely and effective detection updates for critical common vulnerabilities and exposures (CVEs) like the infamous Log4j vulnerability, as well as evolving attacker behaviors and sophisticated techniques that can exploit even minor vulnerabilities in new ways. By receiving these updates directly into the Falco rules feed, organizations can maintain a strong security posture without having to stay current on every emerging threat.

Extensive coverage and reinforced security posture: Each Falco rule is classified with tags for regulatory and security compliance frameworks, such as NIST, NIS2, DORA, SOC2, HIPAA, and FedRAMP. Additionally, Falco Feeds leverages Sysdig Secure's rule set, currently providing 95% coverage of the MITRE ATT&CK® Framework for containers and 89% coverage for Linux. With Falco Feeds, it's easier than ever for organizations to meet evolving regulatory requirements, streamline audits, and maintain a high standard of security across their cloud environments.





"Companies that want the power of Falco without the manual work choose Sysdig," Degioanni continued. "But there will always be a portion of enterprises that build their infrastructure themselves. With Falco Feeds, we are giving those companies a leg up, with access to emerging threat intelligence so that they can retain their DIY nature without being blindsided by the latest attack evolution."

About Sysdig

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated No. 1 for cloud security posture management (CSPM) in the Gartner Peer Insights "Voice of a Customer" report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

